|
SSL relay is an easy way to provide secure html for XAP applications. SSL Relay acts as an intermediary between the browser and xap applications, performing the SSL activity, and relaying data to and from XAP.
|
|
|
| Background:
SSL Relay -- Secure Sockets Layer for XAP (Secure HTTP) |
|
SSL (Secure Sockets Layer) is a protocol for transmitting private or sensitive information over the Internet. SSL works by using private `keys` to encrypt data that's transferred and another key is used to un-encrypt it at the destination so that anyone intercepting the information won`t undertstand it.
|
|
Website addresses that require an SSL connection start with https: instead of http:.
The standard port that SSL uses to communicate with the sever is 443 instead of port 80 for non-secure transactions, although SSL Relay can support ports other than 443 if desired.
|
|
SSL allows a web browser or client to authenticate the existence and identity of a website using digital keys and certificates. It also allows for all information that it sends to be encrypted, ensuring that information cannot be intercepted or stolen while in transit.
|
|
SSL works on the basis of two keys, a private and a public key, known as a 'keypair'. When you request an SSL session to a server, the client browser will negotiate a 'SSL Handshake' with that server. The client browser then creates a third unique key, known as the Pre Master Secret Key, which is encrypted using the public key (included in the certificate) and sent to the server. The server then decrypts the session key with the private key, and both then create the final Master Secret Key, which will be used for this session only. In a nutshell, the client uses the public key to authenticate the signature made by the private key.
|
|
All of the above seems complex, and it is; SSL Relay takes care of all of that complexity and provides a seamless and simple secure interface for all XAP programs.
|
| Discussion: |
SSL Relay works by performing all required encryption/decryption/authentication necessary for secure transactions with the client, and passing all web trafic to/from the xap programs. The xap programs are not required to be aware of the extra SSL layer involved, but may obtain that knowlege if needed.
| |
SSL Relay requires a unique public certificate obtained for the domain. Signature staff will apply for the certificate on the customer's behalf by filling out the appropriate forms and performing the appropriate procedures involved.
|
|
SSL Relay usually works with a unique sub-domain name. If the normal domain name used for XAP traffic is www.companyname.com, the SSL sub-domain might be ssl.companyname.com. The customer is responsible for any DNS configuration necessary to register this sub-domain name and open the appropriate port for SSL on their firewall.
|
|
Once a certificate is obtained, Signature Systems will send a zip file to the customer containing all necessary executables, files and certicficates. Installation is performed by unzipping the file on the XAP workstation and copying a pre-coded shortcut to the desktop and startup folder.
|
